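--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/persistentdata/persistentstorage/sqlite3api/TEST/TclScript/fuzz.test Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,251 @@
+# 2007 May 10
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library. The
+# focus of this file is generating semi-random strings of SQL
+# (a.k.a. "fuzz") and sending it into the parser to try to
+# generate errors.
+#
+# The tests in this file are really about testing fuzzily generated
+# SQL parse-trees. The majority of the fuzzily generated SQL is
+# valid as far as the parser is concerned.
+#
+# The most complicated trees are for SELECT statements.
+#
+# $Id: fuzz.test,v 1.14 2007/05/30 10:36:47 danielk1977 Exp $
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+set ::REPEATS 5000
+
+# If running quick.test, don't do so many iterations.
+if {[info exists ::ISQUICK]} {
+ if {$::ISQUICK} { set ::REPEATS 20 }
+}
+
+source $testdir/fuzz_common.tcl
+
+#----------------------------------------------------------------
+# These tests caused errors that were first caught by the tests
+# in this file. They are still here.
+do_test fuzz-1.1 {
+ execsql {
+ SELECT 'abc' LIKE X'ABCD';
+ }
+} {0}
+do_test fuzz-1.2 {
+ execsql {
+ SELECT 'abc' LIKE zeroblob(10);
+ }
+} {0}
+do_test fuzz-1.3 {
+ execsql {
+ SELECT zeroblob(10) LIKE 'abc';
+ }
+} {0}
+do_test fuzz-1.4 {
+ execsql {
+ SELECT (- -21) % NOT (456 LIKE zeroblob(10));
+ }
+} {0}
+do_test fuzz-1.5 {
+ execsql {
+ SELECT (SELECT (
+ SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1
+ ))
+ }
+} {-2147483648}
+do_test fuzz-1.6 {
+ execsql {
+ SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1
+ }
+} [execsql {SELECT 'abc', zeroblob(1)}]
+
+do_test fuzz-1.7 {
+ execsql {
+ SELECT ( SELECT zeroblob(1000) FROM (
+ SELECT * FROM (SELECT 'first') ORDER BY NOT 'in')
+ )
+ }
+} [execsql {SELECT zeroblob(1000)}]
+
+do_test fuzz-1.8 {
+ # Problems with opcode OP_ToText (did not account for MEM_Zero).
+ # Also MemExpandBlob() was marking expanded blobs as nul-terminated.
+ # They are not.
+ execsql {
+ SELECT CAST(zeroblob(1000) AS text);
+ }
+} {{}}
+
+do_test fuzz-1.9 {
+ # This was causing a NULL pointer dereference of Expr.pList.
+ execsql {
+ SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random())
+ }
+} {}
+
+do_test fuzz-1.10 {
+ # Bug in calculation of Parse.ckOffset causing an assert()
+ # to fail. Probably harmless.
+ execsql {
+ SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1))))
+ }
+} {1}
+
+do_test fuzz-1.11 {
+ # The literals (A, B, C, D) are not important, they are just used
+ # to make the EXPLAIN output easier to read.
+ #
+ # The problem here is that the EXISTS(...) expression leaves an
+ # extra value on the VDBE stack. This is confusing the parent and
+ # leads to an assert() failure when OP_Insert encounters an integer
+ # when it expects a record blob.
+ #
+ # Update: Any query with (LIMIT 0) was leaking stack.
+ #
+ execsql {
+ SELECT 'A' FROM (SELECT 'B') ORDER BY EXISTS (
+ SELECT 'C' FROM (SELECT 'D' LIMIT 0)
+ )
+ }
+} {A}
+
+do_test fuzz-1.12.1 {
+ # Create a table with a single row.
+ execsql {
+ CREATE TABLE abc(b);
+ INSERT INTO abc VALUES('ABCDE');
+ }
+
+ # The following query was crashing. The later subquery (in the FROM)
+ # clause was flattened into the parent, but the code was not repairng
+ # the "b" reference in the other sub-query. When the query was executed,
+ # that "b" refered to a non-existant vdbe table-cursor.
+ #
+ execsql {
+ SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc);
+ }
+} {1}
+do_test fuzz-1.12.2 {
+ # Clean up after the previous query.
+ execsql {
+ DROP TABLE abc;
+ }
+} {}
+
+
+do_test fuzz-1.13 {
+ # The problem here was that when there were more expressions in
+ # the ORDER BY list than the result-set list. The temporary b-tree
+ # used for sorting was being misconfigured in this case.
+ #
+ execsql {
+ SELECT 'abcd' UNION SELECT 'efgh' ORDER BY 1 ASC, 1 ASC;
+ }
+} {abcd efgh}
+
+do_test fuzz-1.14.1 {
+ execsql {
+ CREATE TABLE abc(a, b, c);
+ INSERT INTO abc VALUES(123, 456, 789);
+ }
+
+ # The [a] reference in the sub-select was causing a problem. Because
+ # the internal walkSelectExpr() function was not considering compound
+ # SELECT operators.
+ execsql {
+ SELECT 1 FROM abc
+ GROUP BY c HAVING EXISTS (SELECT a UNION SELECT 123);
+ }
+} {1}
+do_test fuzz-1.14.2 {
+ execsql {
+ DROP TABLE abc;
+ }
+} {}
+
+#----------------------------------------------------------------
+# Test some fuzzily generated expressions.
+#
+do_fuzzy_test fuzz-2 -template { SELECT [Expr] }
+
+do_test fuzz-3.1 {
+ execsql {
+ CREATE TABLE abc(a, b, c);
+ CREATE TABLE def(a, b, c);
+ CREATE TABLE ghi(a, b, c);
+ }
+} {}
+set ::TableList [list abc def ghi]
+
+#----------------------------------------------------------------
+# Test some fuzzily generated SELECT statements.
+#
+do_fuzzy_test fuzz-3.2 -template {[Select]}
+
+#----------------------------------------------------------------
+# Insert a small amount of data into the database and then run
+# some more generated SELECT statements.
+#
+do_test fuzz-4.1 {
+ execsql {
+ INSERT INTO abc VALUES(1, 2, 3);
+ INSERT INTO abc VALUES(4, 5, 6);
+ INSERT INTO abc VALUES(7, 8, 9);
+ INSERT INTO def VALUES(1, 2, 3);
+ INSERT INTO def VALUES(4, 5, 6);
+ INSERT INTO def VALUES(7, 8, 9);
+ INSERT INTO ghi VALUES(1, 2, 3);
+ INSERT INTO ghi VALUES(4, 5, 6);
+ INSERT INTO ghi VALUES(7, 8, 9);
+ CREATE INDEX abc_i ON abc(a, b, c);
+ CREATE INDEX def_i ON def(c, a, b);
+ CREATE INDEX ghi_i ON ghi(b, c, a);
+ }
+} {}
+do_fuzzy_test fuzz-4.2 -template {[Select]}
+
+#----------------------------------------------------------------
+# Test some fuzzy INSERT statements:
+#
+do_test fuzz-5.1 {execsql BEGIN} {}
+do_fuzzy_test fuzz-5.2 -template {[Insert]} -errorlist table
+integrity_check fuzz-5.2.integrity
+do_test fuzz-5.3 {execsql COMMIT} {}
+integrity_check fuzz-5.4.integrity
+
+#----------------------------------------------------------------
+# Now that there is data in the database, run some more SELECT
+# statements
+#
+set ::ColumnList [list a b c]
+set E {{no such col} {ambiguous column name}}
+do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E
+
+#----------------------------------------------------------------
+# Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction.
+#
+set E {{no such col} {ambiguous column name} {table}}
+do_test fuzz-7.1 {execsql BEGIN} {}
+do_fuzzy_test fuzz-7.2 -template {[Statement]} -errorlist $E
+integrity_check fuzz-7.3.integrity
+do_test fuzz-7.4 {execsql COMMIT} {}
+integrity_check fuzz-7.5.integrity
+
+#----------------------------------------------------------------
+# Many CREATE and DROP TABLE statements:
+#
+set E [list table duplicate {no such col} {ambiguous column name} {use DROP}]
+do_fuzzy_test fuzz-8.1 -template {[CreateOrDropTableOrView]} -errorlist $E
+
+close $::log
+finish_test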
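Review bot: The final stage, fuzz-8.1, runs generated CREATE/DROP TABLE and VIEW statements but is not followed by an integrity check, unlike the fuzz-5.2 and fuzz-7.2 stages. Schema or b-tree corruption introduced by the generated DDL would therefore go unnoticed. I would add `integrity_check fuzz-8.2.integrity` right after the `do_fuzzy_test fuzz-8.1` line, before `close $::log`. Separately, `::log` is never opened in this file, so `close $::log` presumably relies on fuzz_common.tcl having created it. A short comment such as `# ::log is opened by fuzz_common.tcl` would make that dependency explicit, and it would be worth confirming that the log records each generated statement so a crash in a 5000-iteration run can be reproduced.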